TRUST CENTRE · REVIEWED 14 JULY 2026

Security and platform trust

A concise statement of controls implemented today. This page does not claim certifications or assurance work that RemitScan has not published.

Separated application surfaces

Public intelligence is served without login at www.remitscan.eu. Market-participant workspaces are served at mp.remitscan.eu. Administrative tools are served at admin.remitscan.eu. Private surfaces are excluded from indexing.

Authentication and authorisation

Private surfaces use Firebase Authentication. API requests verify Firebase identity tokens, administrative operations require an administrative role, and tenant data access is constrained by backend checks and database row-level security.

Data protection

Data is encrypted in transit and at rest. Production access is restricted to authorised personnel. Public, market-participant, and administrative deployments have separate route and API-proxy allowlists.

Auditability

Public comparison signals retain source references, relevant timestamps, rule and configuration versions, and calculation inputs. Outputs support investigation and do not make legal compliance determinations.

Hosting and enquiries

Current service providers are listed in the privacy policy. Contractual, vendor-risk, and security enquiries can be sent to contact@remitscan.eu.